My testing this afternoon would seem to confirm that the Memory Management keys
are not needed on Windows 10. At least as far as the detection script is to be
trusted. The result of the script was the same whether the keys didn't exist
(the initial state) or if they were set to enabled. If you specifically set
them to disabled then the script reported the device vulnerable.
Bryan
________________________________
From: [email protected] [[email protected]] on behalf
of Adam Juelich [[email protected]]
Sent: Tuesday, January 09, 2018 12:06 PM
To: [email protected]
Subject: Re: [mssms] RE: Confused - Spectre / Meltdown
Workstation:
1. Registry Key set by A/V (or manually set based on A/V guidance)
2. Windows Update
3. BIOS/Firmware Update from vendor
Server:
1. Registry Key set by A/V (or manually set based on A/V guidance)
2. Window Update
3. Push Registry Keys (2 needed, the third is for Hypver-V Hosts - I believe)
* Test and monitor performance impact
4. BIOS/Firmware Update from vendor
That is my understanding thus far...........
Good thing we have nothing else to do ;-)
On Tue, Jan 9, 2018 at 10:48 AM, Brian Illner
<[email protected]<mailto:[email protected]>> wrote:
My understanding was that those keys were just for the ServerOS?
I have a Dell laptop that I completed all the tasks for and it does not have
the memory management keys and yet it shows as all green in SpeculationControl?
Come on MS, your information is changing hourly as each team contradicts the
other
BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax
[cid:[email protected]]
Visit
canalinsurance.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__canalinsurance.com&d=DwMFaQ&c=NjgxpSSi0c1nSHFRGItzyA&r=KWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A&m=7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo&s=4F9X90g5_8HDwoolSyP0lpS66YJK_StnUqgnq7RlN8E&e=>
for news and information.
[cid:[email protected]]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_canal-2Dinsurance-2Dcompany&d=DwMFaQ&c=NjgxpSSi0c1nSHFRGItzyA&r=KWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A&m=7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo&s=7UyWWN0cTWXprzWCUn6Cfj3jQJ7rgOjYTICTI8nUiWs&e=>
WARNING: As the information in this transmittal (including attachments, if
any) may contain confidential, proprietary, or business trade secret
information, it should only be reviewed by those who are the intended
recipients. Unless you are an intended recipient, any review, use, disclosure,
distribution or copying of this transmittal (or any attachments) is strictly
prohibited. If you have received this transmittal in error, please notify me
immediately by reply email and destroy all copies of the transmittal. While
Canal believes this transmittal to be free of virus or other defect, it is the
responsibility of the recipient to ensure that it is virus free and no
responsibility is accepted by Canal (or its subsidiaries and affiliates) for
any loss or damage arising therefrom.
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]<mailto:[email protected]>]
On Behalf Of Kent, Mark
Sent: Tuesday, January 9, 2018 11:00 AM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] RE: Confused - Spectre / Meltdown
Yeah I see them at the bottom of
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in<https://urldefense.proofpoint.com/v2/url?u=https-3A__support.microsoft.com_en-2Dus_help_4073119_protect-2Dagainst-2Dspeculative-2Dexecution-2Dside-2Dchannel-2Dvulnerabilities-2Din&d=DwMFaQ&c=NjgxpSSi0c1nSHFRGItzyA&r=KWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A&m=7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo&s=cLUf0bi6vko7UFOvCMTzShN5j6YjV7C1l9diIlxVppo&e=>
And they don’t really say what they are for.
Keep refreshing the page, wait for an edit :)
Mark Kent
Manager, Client Systems Engineering
Technology Support Services
Resources for Information, Technology and Education (RITE)
http://rite.buffalostate.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__rite.buffalostate.edu_&d=DwMFaQ&c=NjgxpSSi0c1nSHFRGItzyA&r=KWpqtEEfXhZfmzEhpZYWbkTAjRbCjXuhffs_frSMo9A&m=7eAF1on4WbqiIw9gdju7bDCBAuLWPpl3-xnx-V7tdLo&s=mjHLhJ5kVFFzsaO4k7TI4QWjSQzc582n5qbqYYaBxWU&e=>
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of SCCM FUN
Sent: Tuesday, January 9, 2018 10:02 AM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] Confused - Spectre / Meltdown
Can anyone confirm the following?
Workstation/Servers - both need the AV key in order to do any patching going
forward
Workstation
At one point in the MS article for workstation patching (4073119) I could of
sworn there wasn't anything about having to making registry settings (except
for AV) but now it looks like they added 2 registry keys. Were these 2 reg
keys always in the KB/needed?
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
Server
3 reg keys need to be added for the server patch to take effect. Are you
enabling this on all your servers or just the 3 use cases they list in their
article (4072698).
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v
MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
Thanks
